Optimal encodings to elliptic curves of $j$-invariants $0$, $1728$

Dmitrii Koshelev

Paper 2021/1034

Optimal encodings to elliptic curves of $j$ -invariants $0$ , $1728$

Dmitrii Koshelev

Abstract

This article provides new constant-time encodings $F_{q}^{*} \to E (F_{q})$ to ordinary elliptic $F_{q}$ -curves $E$ of $j$ -invariants $0$ , $1728$ having a small prime divisor of the Frobenius trace. Therefore all curves of $j = 1728$ are covered. This circumstance is also true for the Barreto--Naehrig curves BN512, BN638 from the international cryptographic standards ISO/IEC 15946-5, TCG Algorithm Registry, and FIDO ECDAA Algorithm. Many $j = 1728$ curves as well as BN512, BN638 are not appropriate for the most efficient prior encodings. So, in fact, only universal SW (Shallue--van de Woestijne) one was previously applicable to them. However this encoding (in contrast to the new ones) cannot be computed at the cost of one exponentiation in the field $F_{q}$ .

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint.
Keywords: encodings to (hyper)elliptic curves isogenies -invariants and optimal covers Weil pairing
Contact author(s): dimitri koshelev @ gmail com
History: 2022-11-16: last of 4 revisions; 2021-08-16: received; See all versions
Short URL: https://ia.cr/2021/1034
License: CC BY

BibTeX

@misc{cryptoeprint:2021/1034,
      author = {Dmitrii Koshelev},
      title = {Optimal encodings to elliptic curves of $j$-invariants $0$, $1728$},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1034},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1034}
}

Paper 2021/1034

Optimal encodings to elliptic curves of j-invariants 0, 1728

Abstract

Metadata

Optimal encodings to elliptic curves of $j$ -invariants $0$ , $1728$